Diffstat (limited to 'lib/Fripost')
-rw-r--r--lib/Fripost/Schema.pm21
1 files changed, 12 insertions, 9 deletions
diff --git a/lib/Fripost/Schema.pm b/lib/Fripost/Schema.pm
index 35c69e2..a0730f9 100644
--- a/lib/Fripost/Schema.pm
+++ b/lib/Fripost/Schema.pm
@@ -34,9 +34,10 @@ use Net::IDN::Encode qw/email_to_ascii/;
=item B<SASLauth> (I<username>, I<CFG>)
-Start a LDAP connection, and SASL-authenticate using proxy
-authentication for the given (fully-qualified) user. I<CFG> should
-contain definitions for the LDAP suffix and the authentication ID.
+Start a LDAP connection, and SASL-authenticate (with the GSSAPI
+mechanism) using proxy authentication for the given (fully-qualified)
+user. I<CFG> should contain definitions for the LDAP suffix and the
+authentication ID.
=cut
@@ -51,12 +52,14 @@ sub SASLauth {
$self->ldap( Net::LDAP::->new( $cfg{ldap_uri}, async => 1 ) );
my $sasl = Authen::SASL::->new(
- mechanism => 'DIGEST-MD5',
- callback => { user => $cfg{ldap_authcID}
- , pass => $cfg{ldap_authcPW}
- , authname => 'dn:'.$self->whoami }
+ mechanism => 'GSSAPI',
+ callback => { user => 'dn:'.$self->whoami
+ , authname => $cfg{krb5_principal} }
);
- my $mesg = $self->ldap->bind( sasl => $sasl );
+ my $conn = $sasl->client_new('ldap', $cfg{krb5_host} );
+ die $conn->error if $conn->code;
+
+ my $mesg = $self->ldap->bind( '', sasl => $conn );
# This is not supposed to happen.
die $mesg->error if $mesg->code;
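Review bot: Nothing after the bind confirms that the session is really running as `'dn:'.$self->whoami`, and the roles of the `user` and `authname` callbacks are not uniform across Authen::SASL backends. As far as I recall, the pure-Perl GSSAPI mechanism documents `authname` as the authorization identity, while other backends may treat `user` as such, so this mapping should be confirmed against the backend deployed here. If the authorization identity is dropped or swapped, the connection would operate as `$cfg{krb5_principal}` rather than as the proxied user, so a post-bind Who-Am-I check that dies on a mismatch with the expected DN would make that failure loud. `$cfg{krb5_host}` and `$cfg{krb5_principal}` are also used without a defined-check; `defined $cfg{$_} or die "missing $_" for qw/krb5_host krb5_principal/;` before `client_new` would give a clearer error than a failed negotiation, and the POD for SASLauth should list both keys. SASLauth begins and ends outside this hunk.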
@@ -66,7 +69,7 @@ sub SASLauth {
=item B<auth> (I<username>, I<password>, I<CFG>)
-Start a LDAP connection, and (simples-) binds the given user.
+Start a LDAP connection, and (simple-) binds the given user.
I<CFG> should contain definitions for the LDAP suffix and URI.
=cut